
Why hacking is an easy entry job to make money from

by FutureCIO Editors
August 4, 2022
source:https://futurecio.tech/wp-content/uploads/2022/08/pexels-tima-miroshnichenko-6266514.jpg


Just as other industries have adopted the 'as-a-service' model, illicit service providers have done the same, selling tools, instruction manuals and target lists to novice or entry-level hackers. Some go further and provide cheat sheets listing easy targets, making it simple to zero in on vulnerable links into finance and real estate companies.

Hacking is now a managed service, similar to a pay-to-play environment, that allows amateurs to quickly develop attacks that are far beyond their skill level. The low barriers to entry mean that cybercriminals only need basic skills to launch common attacks, including phishing, distributed denial of service (DDoS), or any kind of targeted hacking.

Hacking as a service (HaaS) is the commercialisation of hacking skills, in which the hacker serves as an outsourced contractor. HaaS makes advanced code-breaking skills available to anyone with a web browser and a credit card. These elusive service providers are so organised on the dark web that anyone with money can pay for a list of specialist hackers to hire to do the job.

According to a new report from Palo Alto Networks, a global cyber security company, software vulnerabilities, especially in finance and real estate industries, attract hackers who scour the internet for weak links they can make money from. Their investigation team identified that the finance industry and real estate were among the industries that received the highest average ransom demands, averaging $8 million and $5.2 million, respectively. 

Ransom demands and payments by industry

source: https://www.paloaltonetworks.com/unit42/2022-incident-response-report

Easy Entry Job - better than a Ponzi Scheme

“Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat ‘actors’ can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,” said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.

Ransomware

“Ransomware attackers are also becoming more organised with their customer service and satisfaction surveys as they engage with cybercriminals and the victimised organisations.”

- Wendi Whitmore

Source: https://www.linkedin.com/in/wendiwhitmore2/

Overall, ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases. The report can help security engineers prioritise resources to reduce and mitigate risks.

What attackers are going after in 2022

Typically, ransomware actors are only discovered after files are encrypted, and the victim organisation receives a ransom note. The median dwell time — meaning the time threat actors spend in a targeted environment before being detected — observed for ransomware attacks was 28 days.

Ransom demands have been as high as $30 million, and actual payouts have been as high as $8 million, a steady increase compared to the findings of the 2022 Unit 42 Ransomware Report. A new ransomware victim is posted on leak sites every four hours. Identifying ransomware activity early is critical for organisations. Increasingly, affected organisations can also expect threat actors to use double extortion, threatening to publicly release sensitive information if a ransom is not paid.

image source: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-incident-response-report-final.pdf

Business email compromise (BEC)

Cybercriminals use a variety of techniques in wire-fraud schemes to attack business email accounts. Phishing offers an easy and cost-effective way to gain covert access while maintaining a low risk of discovery. According to the report, in many cases, fraudsters are simply asking their unwitting targets to hand over their credentials. Once they have acquired access, the median dwell time for BEC attacks was 38 days, and the average amount stolen was $286,000.

Affected Industries 

Attackers follow the money when it comes to targeting industries; however, many attackers are opportunistic, simply scanning the internet in search of systems where they can leverage known vulnerabilities. Unit 42 identified the top affected industries in incident response cases as finance, professional and legal services, manufacturing, healthcare, high tech, wholesale and retail. Organisations within these industries tend to store, transmit and process high volumes of sensitive information that can be monetised. This attracts threat actors and hackers. 

Statistics from the IR case report that cyber-attackers don’t want you to know:

  • The top three initial access vectors used by threat actors were phishing, exploitation of known software vulnerabilities and brute-force credential attacks focused primarily on remote desktop protocol (RDP). Combined, these attack vectors make up 77% of the suspected root causes for intrusions.
  • ProxyShell, which is an attack chain that exploits known vulnerabilities in Microsoft Exchange, accounted for more than half of all vulnerabilities exploited for initial access at 55%, followed by Log4J (14%), SonicWall (7%), ProxyLogon (5%) and Zoho ManageEngine ADSelfService Plus (4%).
  • In half of all IR cases, organisations lack multi-factor authentication on critical internet-facing systems, such as corporate webmail, virtual private network (VPN) solutions or other remote access solutions.
  • In 13% of cases, organisations had no mitigations in place to ensure account lockout for brute-force credential attacks.
  • In 28% of cases, having poor patch management procedures contributed to threat actor success. 
  • In 44% of cases, organisations did not have an endpoint detection and response (EDR) or extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems to detect and respond to malicious activities.
  • 75% of insider threat cases involved a former employee.

By consulting security experts with deep, real-world experience, organisations can better understand how to contain, remediate and eradicate the problems effectively with the right set of tools and methods.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl
